Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2026-34197

CWE-20Improper Input ValidationCWE-94Code InjectionCWE-78OS Command Injection14 documents12 sources
Severity
8.8HIGH
EPSS
6.2%
top 9.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apache Software Foundation Apache ActivemqApache Software Foundation Apache Activemq ALLApache Software Foundation Apache Activemq Broker
Timeline
PublishedApr 7
Latest updateApr 8

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

Mavenorg.apache.activemq:activemq-broker6.0.06.2.3+1
Mavenorg.apache.activemq:activemq-all6.0.06.2.3+1
CVEListV5apache_software_foundation/apache_activemq6.0.06.2.3+1

🔴Vulnerability Details

5
CVEList
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans2026-04-07
OSV
CVE-2026-34197: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ2026-04-07
OSV
CVE-2026-34197: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ2026-04-07
GHSA
Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans2026-04-07
GHSA
GHSA-rxpj-7qvf-xv32: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ2026-04-07

💥Exploits & PoCs

1
Nuclei
Apache ActiveMQ - Remote Code Execution

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Apace ActiveMQ Jolokia addNetworkConnector Remote Code Execution Attempt (CVE-2026-34197)2026-04-08

📋Vendor Advisories

2
Red Hat
org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary Code Execution via crafted discovery URI in Jolokia JMX-HTTP bridge2026-04-07
Debian
CVE-2026-34197: activemq - Improper Input Validation, Improper Control of Generation of Code ('Code Injecti...2026

🕵️Threat Intelligence

2
Bleepingcomputer
13-year-old bug in ActiveMQ lets hackers remotely execute commands2026-04-08
Wiz
CVE-2026-34197 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-34197 org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary Code Execution via crafted discovery URI in Jolokia JMX-HTTP bridge2026-04-07
Bugzilla
CVE-2026-34197 log4j: Apache ActiveMQ: Arbitrary Code Execution via crafted discovery URI in Jolokia JMX-HTTP bridge [fedora-all]2026-04-07